Security at Stepflow

Introduction

As we begin to grow our customer base, your trust and data security is extremely important to us. Managing this data is a responsibility we take into account for every facet of the business from day one. This includes security of the product, network and hosting, business operations, and interactions with our customers.

Product security

  • Access to your projects by Stepflow employees within our application is only permitted with your permission; after an invitation to our support email has been received.
  • Every password has a salt applied before it is hashed using the SCRYPT algorithm.

Network and application security

  • The Stepflow application and data are hosted on the Google Cloud Platform in facilities within the US. Our application and users benefit from the wide range of security features and compliances provided by this platform. Read more at cloud.google.com/security.
  • Access to customer data in Stepflow's backend is only available when debugging a specific problem (usually by customer request) and is restricted to certain development roles. In general, access to backend services is only permitted for the purposes of improving, operating or servicing the system, performing routine maintenance, or debugging. Each time we log the reason or justification for that particular session.
  • All data sent to or from Stepflow is encrypted in transit and at rest. Our application endpoints are secured by TLS/SSL.
  • Our team will reach out to you within 72 hours of learning about a data breach.

Security questions?

If you think you may have found a security vulnerability, please get in touch with our team at support@stepflow.co. Be sure to also read our Terms of Use and Privacy Policy.